AI Security Engineer
Savi Singh

Securing AI systems in production.

11+ years hardening enterprise environments. Now building the controls AI agents need before they touch real credentials, real systems, and real data.

ai security engineer · bay area

Engineering Disciplines

Three disciplines.
One production surface.

11 Years

Infrastructure

Systems Engineering

Distributed services engineered for availability under sustained production load.

  • distributed systems
  • high-availability networking
  • event-driven pipelines
  • service integration
  • observability & SLOs

9 Years

Defense

Security Architecture

Zero-trust identity, device posture, and detection engineered into the request path.

  • zero trust architecture
  • identity & access management
  • certificate & key management
  • secrets lifecycle
  • detection engineering
  • audit & compliance

3 Years

Autonomy

AI Automation

Autonomous agents operating on production systems under policy-driven guardrails.

  • agent orchestration
  • tool-use & function calling
  • retrieval-augmented generation
  • model evaluation & routing
  • policy-constrained execution

How enterprise security shaped the way I build AI systems.

I started in enterprise security, where access, trust, and control boundaries had to be explicit. That same discipline now shapes the way I approach AI systems that touch real tools, business data, and credentials.

nine years · four chapters

  1. 01 · 2017

    SOC & DLP foundation

    Frontline SOC analyst across multi-client environments. IBM QRadar SIEM, custom detection rules, DLP policy design, and live incident response.

    safeaeon · wavestrong
    qradar · dlp · detection
  2. 02 · 2021

    Systems engineering

    Zero-Touch Deployment in Jamf Pro with CIS enforcement across 1,000+ macOS devices. Jamf Connect + Okta SSO. Migrated ITSM to ServiceNow.

    e.l.f. beauty · it systems engineer
    jamf · okta sso · servicenow
  3. 03 · 2023

    Zero Trust at scale

    Okta FastPass, Zscaler ZPA, and BeyondTrust EPM across 1,100 endpoints. Python engine correlating SentinelOne, Rapid7, and Zscaler into one surface.

    e.l.f. beauty · sr. it security engineer
    zero trust · identity · detection
  4. 04 · 2025

    LiteWork AI · agent governance

    Founded LiteWork AI. Automation platform with OAuth2 rotation, scoped secrets injection, JIT credentials, and runtime policy — no agent holds standing access.

    founder · principal engineer
    agents · secrets sdk · runtime policy

Certifications earned along the way.

Checkpoints across security fundamentals, cloud identity, and Apple device management.

ISC²

SSCP

Systems Security Certified Practitioner

CompTIA

Security+

Security fundamentals

CompTIA

CySA+

Cybersecurity Analyst

CompTIA

CSAP

Security Analytics Professional

Jamf

Jamf 200

Certified Technician

Microsoft

AZ-900

Azure Fundamentals

The Zero Trust programs I own at enterprise scale.

Identity, network, egress, and detection. Each one owned, instrumented, and operated to enterprise standards: device-bound access, per-app segmentation, fully inspected egress, and correlated signal across every layer.

Identity · 1,100 users

Phishing-Resistant Identity

Lead the identity program for 1,100 users on Okta FastPass with SCEP-enrolled devices, compliance-gated posture, and conditional access. Every session is hardware-bound and phishing-resistant. No passwords on the wire.

FastPass · SCEP · SSO

Network · VPN retired

Zero Trust Network Access

Own the Zero Trust network architecture on Zscaler ZPA. Decommissioned the corporate VPN, segmented apps by department and risk tier, and enforce least-privilege policy at the broker instead of the network edge.

ZPA · Segmentation · Policy

Secure egress · Egress inspected

Secure Internet & SaaS Access

Operate the secure egress program on Zscaler ZIA with full TLS inspection, DLP, URL filtering, and CASB. Policy is tiered by user group and device trust. Nothing leaves the edge uninspected or unlogged.

ZIA · DLP · CASB

Detection · Python

Cross-Signal Correlation Engine

Engineered an in-house correlation engine that fuses SentinelOne EDR, Rapid7 vuln, and Zscaler egress telemetry into one investigation surface. Python-native, schema-versioned, and audited against MITRE ATT&CK coverage.

SIEM · Telemetry · Correlation

How I run AI agents against real systems, and keep them contained.

AI agents operate continuously against live production systems under policy-as-code controls, scoped to a least-privilege capability surface, and isolated behind a zero-trust workload mesh. Secrets are brokered just-in-time; every agent action emits an immutable audit trail. Separation of duties is enforced at the control plane — not the perimeter.

Primary coding agent · Continuous operation

Anthropic Claude Code

Claude Code drives the primary inner loop against production systems. A hardened hook pipeline and scoped skill catalog provide pre- and post-execution policy enforcement; MCP servers expose typed tool surfaces with brokered credentials. State-changing operations pass policy before reaching any real resource.

Policy-gated · Typed tools · Inner loop

Parallel execution · N-way fan-out

OpenAI Codex

Codex runs in N-way parallel across isolated, ephemeral sandboxes — each with its own branch, diff surface, and human-review gate before merge. Blast-radius containment by design: tasks cannot see each other's state, and credentials are scoped per sandbox to prevent lateral movement.

Isolation · Human review · Least privilege

Agent control plane · 80+ capabilities

OpenClaw

Architected agent control plane running continuously against live production systems. A governed capability catalog of 80+ scoped tool modules, a policy engine enforcing 30+ pre- and post-execution gates across the agent lifecycle, and Infisical-brokered ephemeral secrets deliver separation of duties at the control plane — not the perimeter. State reconciles across a heterogeneous compute fleet; every agent action emits an immutable audit trail.

Policy engine · Capability catalog · Audit trail

Platform architecture · 10 zones · 16 nodes

Cloudflare · Tailscale · Docker

Multi-tenant edge and private platform serving 10 authoritative zones across salon, agency, and personal properties. Cloudflare Workers terminate all public traffic at the edge with KV-backed state and native observability; deploy and runtime credentials are scoped per service for blast-radius containment. The private tier runs on a 16-node identity-aware workload mesh with tag-based ACLs separating admin, ops, data, and client identities. Database hosts expose no public IP — workload identity replaces perimeter trust.

Zero-trust · Policy-scoped IAM · Edge compute

Seven control layers behind every agent action.

OpenClaw is governed as a platform, not a script. Each layer below names the control and the primitive that enforces it — the same framing used in enterprise zero-trust and platform-engineering reference architectures.

  1. 01 · Identity & authentication

    Zero-trust workload identity with no disk-resident credentials.

    • 1Password SSH Agent
    • Tailscale ACL tags
    • Per-service Cloudflare tokens
  2. 02 · Policy enforcement

    Policy-as-code at the agent control plane. State-changing operations pass a deterministic gate before reaching any real resource.

    • 30+ hook actions
    • 5 lifecycle events
    • Admission-controller pattern
  3. 03 · Capability surface

    Typed, scoped tool catalog. Agents can only invoke what the catalog exposes — no shell-outs, no undocumented side channels.

    • 80+ capability modules
    • MCP-typed tools
    • Explicit allow-lists
  4. 04 · Secret management

    Secretless runtime. Credentials are brokered just-in-time and never land on disk, logs, or long-lived process memory.

    • Infisical vault broker
    • Per-env scoping
    • Continuous posture audit
  5. 05 · Network segmentation

    Defense-in-depth at the edge. Public traffic never reaches origin hosts; admin planes are unreachable from the public internet.

    • Cloudflare Workers
    • Caddy + mTLS
    • VPS with no public IP
  6. 06 · Isolation & blast radius

    Per-task sandbox isolation prevents lateral movement. Compromise of one agent workload cannot escalate across the fleet.

    • Ephemeral git worktrees
    • Per-sandbox credentials
    • Docker workload tiers
  7. 07 · Observability & audit

    Immutable audit trail across every agent action. Traces, logs, and alerts feed a self-hosted observability stack with real-time escalation.

    • SigNoz / OpenTelemetry
    • Wazuh SIEM
    • Kopia point-in-time recovery

What I’ve shipped.

Measured outcomes from enterprise rollouts, security programs, and automation systems running in production.

Rolled out device compliance across e.l.f. Beauty on Okta FastPass + BeyondTrust EPM.

Zero

60 deployments · 0 leaked

Across every LiteWork deployment — scoped secrets, JIT delivery.

80%

Cut cross-application exposure in the Zero Trust rollout.

8% → 3%

Dropped phishing click-rate over 12 months of global awareness work.

34d → 7d

Ingest · OCR · Vision · Review

Replaced manual AP review with an OCR + Gemini Vision agent pipeline.

100%

Cut users over from legacy VPN to Zscaler ZPA with zero productivity hit.

$1B+
  • NYSE: ELF
  • SEC-Reporting
  • SOX-Regulated

Senior Security Engineer at e.l.f. Beauty — NYSE-listed, SEC-reporting, SOX-regulated public company.

60+
Healthcare · Real Estate · E-commerce · Legal · Beauty · Wellness · Fitness · Hospitality

Shipped AI automation systems across healthcare, real estate, e-commerce, legal, and beauty.

Contact

Let's talk.

Hiring, recruiting, or working on something I'd be a good fit for? Send a note — or connect on LinkedIn.